X.com bug bounty is running under the Paypal bug bounty program and i got paid .

Bug1 Add new Application :

X.com provided option to add the new application in account settings. Due to missing of CSRF token this vulnerability successfully executed and unauthorized application is added anonymously in the user’s account .